Audit New Zealand has asked Tauranga City Council to improve systems that measure customer satisfaction with its building services division.

The division has come under intense scrutiny from builders and developers in recent years for the time taken to issue building consents and inspect buildings under construction. The council's response had included increasing staff numbers.

Audit New Zealand's report to yesterday's Finance and Risk Committee meeting criticised the council for having no formal systems to adequately assess customer satisfaction with the performance of building services.

Although the council indicated that it surveyed 100 customers, Auditor Director Ben Halford said there was no criteria on why and how customers were selected for the survey.


Mr Halford said the specifics of the survey, such as the questions and review process, had not been determined at the time of the interim audits.

He said the council needed to review the process around how it reported on performance measures to ensure that "adequate systems" were in place.

Council responded that its survey of 100 building consent customers represented just over 4 per cent of all building consents issued and was in line with previous surveys. "A full methodology is available."

Councillors heard that the customers were randomly selected and phoned. The survey was carried out within the council organisation and not independently. Additional disclosures would be put around how the surveys were done.

Audit New Zealand's overall management report on its interim audit for the year ending June 30 did not list anything as needing "urgent" attention.

However a number of suggested improvements were listed as "necessary". This meant they needed to be addressed at the earliest reasonable opportunity and generally within six months.

Most of the improvements were identified in the Information Communications Technology (ICT) area of the council's operations. It included monitoring and reporting of ICT systems and the management of generic network accounts.

The council responded that operational performance and planned outages were published daily and that the pace and growth of the council such as new appointments had at times placed extraordinary pressure on ICT resources.


Audit NZ said the ICT incident management process did not include formalised reporting on major incidents. Subsequent to its visit to the council, there had been a "Cryptowall" ransomware attack, introduced through a USB stick.

The council said the virus was immediately detected by the system and the incident report completed within one hour of the response. The response was not actioned until the morning because no staff were rostered overnight.

"Corrective actions have been taken including further monitoring alerts," the council report said.

It was also revealed that the council has taken legal advice and would not be issuing bonds for the year ending June 30 next year.'